Fluid Attacks Database

Description

An issue was discovered in dbus-broker before 31. It depends on c-uitl/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line is supplied.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	dbus-broker	>=0 <30-1	30-1
debian 13	dbus-broker	>=0 <30-1	30-1
debian 14	dbus-broker	>=0 <30-1	30-1
debian 11	dbus-broker	=26-1 \|\| >=0 <26-1+deb11u1	26-1+deb11u1
rpm rhel9	dbus-broker	<0:28-5.1.el9_0	0:28-5.1.el9_0

Aliases

1. CVE-2022-312122. NVD-2022-312123. OSV-DEBIAN-2022-312124. OSV-2022-312125. SECURITY-TRACKER-CVE-2022-31212

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.